SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 4

changes.mady.by.user Christopher Leonavicius

Saved on

compared with

New Version Current

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft Jtest 2022.2

A switch statement is comprised of block comprises several case labels , and a an optional but highly recommended default label. The default label is not required, but strongly recommended. The statements following a case label conventionally Statements that follow each case label must end with a break; statement, which moves is responsible for transferring the control flow to the end of the switch block. If When omitted, control flow falls through to the next case statement in the switch blockthe statements in the subsequent case label are executed. Because the break statement is not requiredoptional, omitting it produces no compiler warnings, and if this was . When this behavior is unintentional, it can lead to an cause unexpected control flow.

Noncompliant Code Example

In this noncompliant code example, the case where the card = is 11 does not have lacks a break statement. Thus, As a result, execution continues with the statements for card = 12 are also executed when card = 11.

Code Block
bgColor#FFCCCC

int card = 11;

switch (card) {
  /* ... */
  case 11: 
    System.out.println("Jack");
  case 12: 
    System.out.println("Queen"); 
    break;
  case 13: 
    System.out.println("King"); 
    break;
  default: 
    System.out.println("Invalid Card"); 
    break;
}

Compliant Solution

In the This compliant solution , terminates each case label is ended (including the default case) with a break statement.:

Code Block
bgColor#CCCCFF

int card = 11;

switch (card) {
  /* ... */
  case 11: 
    System.out.println("Jack");
    break;
  case 12: 
    System.out.println("Queen"); 
    break;
  case 13: 
    System.out.println("King"); 
    break;
  default: 
    System.out.println("Invalid Card"); 
    break;
}

Exceptions

Applicability
Failure to include break statements can cause unexpected control flow.
The break statement at the end of the final case in a switch statement may be omitted. By convention, this is the default labelEX1: The last label in a switch statement requires no break. The break statement serves to skip to to transfer control to the end of the switch block. Fall-through behavior also causes control to arrive at the end of the switch block. Consequently, so control flow will continue transfers to the statements following the switch block with or without it. . Conventionally, the last label is the default label.
 EX2: In some cases, where control flow is intended to execute the same code for multiple cases, it is permissible to omit the break statement. However, these instances must be explicitly documented.without regard to the presence or absence of the break statement. Nevertheless, the final case in a switch statement should end with a break statement in accordance with good programming style [Vermeulen 2000].
Exceptionally, when multiple cases require execution of identical code, break statements may be omitted from all cases except the last one. Similarly, when processing for one case is a proper prefix of processing for one or more other cases, the break statement may be omitted from the prefix case. This should be clearly indicated with a comment. For example:
 Code Block
bgColor#CCCCFF

int card = 11;
int value;

/*/ CaseCases 11,12,13 fall through to the same case */
switch (card) {
  // Processing for this case requires a prefix
  /* ... *// of the actions for the following three
  case 10:
    do_something(card);
    // Intentional fall-through
    // These three cases are treated identically 
  case 11:        // Break not required
  case 12:        // Break not required
  case 13: 
    value = 10; 
    break;        // Break required
  default: 
    /*/ Handle Errorerror Conditioncondition */ 
}

Risk Assessment
Failure to include break statements leads to unexpected control flow.
 Recommendation 
 Severity 
 Likelihood 
 Remediation Cost 
 Priority 
 Level 
 
 medium 
 likely 
 low 
 P6 
 L2 
Automated Detection
Unknown
Other Languages
Also, when a case ends with a return or throw statement, the break statement may be omitted.
Automated Detection
ToolVersionCheckerDescription
Parasoft Jtest
 Include Page
Parasoft_V
Parasoft_V
CERT.MSC52.SBCDo not use a "switch" statement with a bad "case"
SonarQube
 Include Page
SonarQube_V
SonarQube_V
S128

Bibliography
[JLS 2013]
§14.11, "The switch Statement"

...
Image Added Image Added Image AddedThis rule appears in the C++ Secure Coding Standard as MSC18-CPP. Finish every set of statements associated with a case label with a break statement and MSC17-C. Finish every set of statements associated with a case label with a break statement.